SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
Max CVSS
7.5
EPSS Score
0.40%
Published
2015-02-27
Updated
2018-10-09
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.
Max CVSS
7.5
EPSS Score
0.40%
Published
2015-02-26
Updated
2016-11-30
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
Max CVSS
7.5
EPSS Score
0.46%
Published
2015-02-24
Updated
2016-11-30
SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-02-24
Updated
2016-12-31

CVE-2015-2065

Public exploit
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
Max CVSS
7.5
EPSS Score
1.20%
Published
2015-02-24
Updated
2016-11-30
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
Max CVSS
6.5
EPSS Score
0.31%
Published
2015-02-20
Updated
2016-11-30
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.09%
Published
2015-02-17
Updated
2015-02-18
Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx.
Max CVSS
7.5
EPSS Score
96.31%
Published
2015-02-24
Updated
2015-02-25
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-02-11
Updated
2015-02-12
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
Max CVSS
7.5
EPSS Score
0.20%
Published
2015-02-11
Updated
2018-10-09
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Max CVSS
6.0
EPSS Score
0.21%
Published
2015-02-20
Updated
2018-10-09
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php.
Max CVSS
7.5
EPSS Score
0.19%
Published
2015-02-06
Updated
2018-10-09
SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username.
Max CVSS
7.5
EPSS Score
0.18%
Published
2015-02-06
Updated
2017-09-08
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
Max CVSS
6.5
EPSS Score
0.21%
Published
2015-02-04
Updated
2015-02-06
SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-02-04
Updated
2015-02-04
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
Max CVSS
7.5
EPSS Score
0.11%
Published
2015-02-04
Updated
2015-02-04
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
Max CVSS
7.5
EPSS Score
0.29%
Published
2015-02-12
Updated
2015-02-13
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
Max CVSS
7.5
EPSS Score
0.15%
Published
2015-02-06
Updated
2018-10-09
SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2015-02-02
Updated
2015-02-04
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
Max CVSS
7.5
EPSS Score
2.22%
Published
2015-02-06
Updated
2015-02-09
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.33%
Published
2015-02-03
Updated
2015-02-04
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
Max CVSS
6.5
EPSS Score
1.56%
Published
2015-02-16
Updated
2019-03-13
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.
Max CVSS
7.5
EPSS Score
3.41%
Published
2015-02-03
Updated
2018-10-09
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-02-03
Updated
2015-02-04
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-02-03
Updated
2015-02-04
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!